---
title: Triage and Prioritize
description: Datadog, the leading service for cloud-scale monitoring.
---

# Triage and Prioritize

Cloud Security generates findings across vulnerabilities, misconfigurations, and identity risks. Triage and Prioritize covers two related capabilities: the engine that identifies the findings that expose your business-critical resources, and the scoring framework that translates that judgment into a per-finding severity score you can sort, filter, and route on.

## Runtime Prioritization Engine{% #runtime-prioritization-engine %}

{% callout %}
##### Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
Runtime Prioritization Engine is not available on these sites.
{% /alert %}
{% /callout %}

{% callout %}
##### Join the Preview!

Runtime Prioritization Engine is in Preview for Cloud Security Vulnerabilities. Use this form to request access.

[Request Access](https://www.datadoghq.com/product-preview/runtime-prioritization-engine/)
{% /callout %}

The [Runtime Prioritization Engine](https://docs.datadoghq.com/security/cloud_security_management/triage_and_prioritize/runtime_prioritization_engine.md) combines runtime observability and security data to identify the ~5% of findings truly exposing your business-critical resources. It evaluates each finding across five dimensions: reachability, exposure, exploitability, business criticality, and actionability.

## Severity Scoring{% #severity-scoring %}

[Severity Scoring](https://docs.datadoghq.com/security/cloud_security_management/triage_and_prioritize/severity_scoring.md) turns the Runtime Prioritization Engine's output into a Datadog Severity Score on each finding. For vulnerabilities, it follows the [CVSS 4.0](https://www.first.org/cvss/v4-0/) algorithm, enriching the base score with temporal factors (such as active exploits or exploitation probability) and environmental factors (such as runtime context, exposure, or criticality of the affected resource). For misconfigurations and identity risks, it computes severity using a likelihood × impact matrix that weighs how an adversary could abuse the finding against the damage that abuse would cause.

## Further reading{% #further-reading %}

- [Runtime Prioritization Engine](https://docs.datadoghq.com/security/cloud_security_management/triage_and_prioritize/runtime_prioritization_engine.md)
- [Severity Scoring](https://docs.datadoghq.com/security/cloud_security_management/triage_and_prioritize/severity_scoring.md)
- [Review prioritized findings in the Security Inbox](https://docs.datadoghq.com/security/security_inbox.md)
